Provenance alone does not guarantee a trusted supply chain (sometimes referred to as an assured or attested supply chain). That requires an authenticated chain of custody, which enables downstream ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate. The announcement comes after ...

I'm having a little problem with my OWA deployment. I've issued a server cert for it from my AD intermediary CA. That works just fine for machines that are inside the domain but other systems gets SSL ...

Cybersecurity attacks in the automotive industry have increased in magnitude, frequency and sophistication in recent years. According to IDC, there have been more than 900 publicly reported automotive ...

The new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This ...

Digitally signed threats with a valid certificate are no longer the mark of a nation-state, sophisticated attacker. The number of malware samples signed with a valid certificate found on VirusTotal is ...